CLAIMS

THIS LISTING OF CLAIMS WILL REPLACE ALL PRIOR VERSIONS, AND LISTINGS OF
CLAIMS IN THE APPLICATION.

LISTING OF CLAIMS:

1. (Previously presented) An access system for a computer site, comprising

a certificate authentication component to verify a user's identity from a digital certificate
supplied by the user,

a directory, coupled to the certificate authentication component, to maintain an account
for each user, each account containing an access policy specifying at least one portion of the
computer site to which the corresponding user is permitted access, and

an access control system, coupled to the directory, for controlling access to the computer 
site by permitting the user to access a portion of the computer site and restricting the user from 
accessing at least one other portion of the computer site, based on the access policy associated 
with the user in the directory. 

2. (Original) An access system as in claim 1, wherein the access policy includes 
information representative of a portion of the computer site to which the user is permitted access. 

3. (Original) An access system as in claim 1, further comprising 

a certificate authority component, coupled to the certificate authentication component, to 
issue digital certificates to the user. 

4. (Original) An access system as in claim 1, further comprising

a log system, coupled to the certificate authentication component, to record the user's 
actions in the computer site. 

5. (Original) An access system as in claim 1, further comprising

a transaction authentication system, coupled to the certificate authentication component,
to provide verified records of transactions performed using the computer site.

6. (Original) An access system as in claim 5, wherein the transaction authentication system
includes a digital signing module for validating transactions.

7. (Original) An access system as in claim 1, wherein the computer site is an extranet. 

8. (Previously presented) A method of regulating access to a computer site, comprising

receiving from a user a request to access a computer site or a portion thereof,

receiving information representative of the user's identity,

consulting a directory containing an account for each user, each account containing an
access policy specifying at least one portion of the computer site to which the corresponding user
is permitted access, to determine whether the user is permitted to access the computer site or
portion thereof, and

controlling access to the computer site by permitting the user to access a portion of the
computer site and restricting the user from accessing at least one other portion of the computer
site, based on the access policy for the user.

9. (Original) A method as in claim 8, wherein consulting a directory includes checking the
access policy to determine a portion of the computer site to which the user is permitted access.

10. (Original) A method as in claim 9, wherein the receiving a request includes receiving a
URL address for a site within the computer site. 

11. (Original) A method as in claim 8, wherein receiving information representative of the
user's identity includes receiving a password, a retinal scan, a fingerprint, or a document capable 
of being decrypted by a public key. 

12. (Original) A method as in claim 8, wherein receiving information representative of the
user's identity includes receiving a digital certificate.

13. (Previously presented) An access system for a computer site, comprising 

means for verifying a user's identity from a digital certificate supplied by the user,

means, coupled to the means for verifying a user's identity, for maintaining an account for
each user, each account containing an access policy specifying at least one portion of the
computer site to which the corresponding user is permitted access, and

means, coupled to the means for storing information, for controlling access to a computer
site by permitting the user to access a portion of the computer site and restricting the user from
accessing at least one other portion of the computer site, based on the access policy associated
with the user in the means for storing information.

14. (Original) An access system as in claim 13, wherein the means for storing information
includes information representative of a portion of the computer site to which the user is
permitted access. 

15. (Original) An access system as in claim 13, further comprising

means, coupled to said means for verifying a user's identity, for issuing digital certificates
to the user.

16. (Original) An access system as in claim 13, further comprising

means, coupled to said means for restricting access, for recording the user's actions in the 
computer site. 

17. (Original) An access system as in claim 13, further comprising

means, coupled to said means for verifying a user's identity, for storing verified records
of transactions performed using the computer site.